A Global Leader in Innovative End-to-End Product Lifecycle Solutions

• Focused on enabling the world’s leading technology brands
• Tailoring customer-centric solutions for the markets we serve
• Operating a global network of sites with specialized Centers of Excellence

• $6.6 billion in 2018 revenue
• 38 locations in 14 countries
• Headquartered in North America
• Over 100 customers across multiple markets
• 28,000 employees worldwide

The Markets We Serve

• Aerospace, Smart Energy, Industrial, HealthTech, Capital Equipment
• Advanced Technology Solutions
• Enterprise, Connectivity & Cloud Solutions

Global Footprint

Celestica locations across the globe

• Newmarket, ON; Toronto, ON; Mississauga, ON; Portland, OR; Minneapolis, MN; Rochester; Boston, MA; Fremont, CA; Burlingame, CA; San Jose, CA; Santa Clara, CA; […] Valley, CA; Ontario, CA; Alburtis, PA; Tucson, AZ; Mexicali, Mexico; Monterrey, Mexico
• Leixlip, Ireland; Galway, Ireland; Salzburg, Austria; Valencia, Spain; Oradea, Romania
• Songdo, S. Korea; Asan, S. Korea; Miyagi, Japan; Tokyo, Japan; Hino, Japan; Suzhou, China; Shanghai, China; Song Shan Lake, China; Xiamen, China; Hong Kong, China; Savannakhet, Laos; Laem Chabang, Thailand; Penang, Malaysia; Kulim, Malaysia; Johor Bahru, Malaysia; Singapore

• Central, Regional, Site and Cloud Data Centers
• 100's of Applications
• Globally Distributed Development Teams: 100’s of Developers, 1000’s of Engineers

The Challenge

[Diagram: three Dev Teams, each with its own Scan, Assess, Prioritize, Fix, Verify cycle, all attached to a single Security Team.]

After Qualys WAS

[Diagram: four Dev Teams, each running its own Scan, Assess, Prioritize, Fix, Verify cycle, connected through the Qualys WAS API to the Security Team, which is labelled with Global Prioritization, Overall Vulnerability Posture and Overall Visibility.]

Speed up the process

[Diagram: a loop between the following components.]

• Azure DevOps Pipeline: triggers scan
• Azure LogicApp: pulls findings and converts findings to work items. Its steps are: Qualys Report API Call; Parse JSON; For each (select an output from previous steps); Create work items in Azure DevOps Board
• Azure DevOps Boards / Work Items: remediated items ready to build
• Azure DevOps Pipeline

[Screenshot: Azure DevOps, All pipelines > DevSecOps, showing the Pipeline, Tasks, Variables, Retention, Options and History tabs and a Schedule setting.]

Azure DevOps Board

[Screenshot: Azure DevOps board for DevSecOpsTeam in the Celestica organization, with the work items below.]

To Do
• 305 Protection against Clickjacking
• 306 Information Disclosure via Response Header
• 307 JavaScript Libraries Detected
• 309 DNS Host Name

Doing 6/5
• 318 Missing header: X-Content-Type-Options
• 320 Links Crawled
• 312 Links With High Resource Consumption
• 315 HTTP Strict Transport Security (HSTS) header missing/misconfigured.

Done
• 322 Missing header: X-XSS-Protection
• 326 Use of JavaScript Library with Known Vulnerability
• 321 Content-Security-Policy Not Implemented
• 317 External Links Discovered



In Conclusion

• 3x – 5x turnaround time reduction on vulnerability fixes
• Expanded coverage of application security program
• Progress towards “continuous compliance”
• Continuous training for software engineers
• The journey continues...

LEARNING


